
TnE Connect — Fourway tenant

TnE Connect workforce platform deployed for the Fourway client at fourway.tneconnect.app. Built on Oracle APEX running on a Free Tier Autonomous Database (APEX2) in the EIDOSDev1 OCI tenancy. 150 users, paying customer; commercial relationship is friends-and-family pricing (~£5,000/year) given Fourway helped test the product.

| Field | Value |
|---|---|
| Customer-facing URL | https://fourway.tneconnect.app |
| APEX builder vanity URL | https://apex2.projecteidos.com |
| APEX builder direct URL | https://G8EE0CCE1DAD263-APEX2.adb.uk-london-1.oraclecloudapps.com/ords/apex |
| Audience | Fourway's workforce — ~150 users |
| Criticality | high — paying client, heavy PII, no formal SLA but 99% uptime expectation |
| Maturity | hobby/trial — mature dev workflow but Free-Tier infra and no DR |
| Owner | [INFO NEEDED] (TnE product team) |
| Last reviewed | 2026-05-07 |

1. At a glance

The Fourway client uses TnE Connect — our workforce-management product — as a paying SaaS customer. Approximately 150 users across Fourway's organization use it for workforce data (timesheets, employee records, scheduling). The deployment is an Oracle APEX application on a Free Tier Autonomous Database named APEX2 in the EIDOSDev1 OCI tenancy; both prod and pre-prod schemas live in the same ADB.

The commercial arrangement is friends-and-family pricing — ~£5,000/year for 150 users — recognising Fourway's role as the original test customer that helped harden the product. There is no formal SLA but the implicit expectation is 99% uptime. Given the volume of staff PII the product handles, the security and DR posture is the area we are actively investing in.

The product itself is meaningfully different from Parallax: separately built and refined over years by a different team, with a more mature dev workflow.

2. Business purpose

  • Paying SaaS customer relationship.
  • Reference deployment proving the TnE Connect product to the wider market.
  • Strategic: we are betting big on the TnE Connect SaaS as a growth product (RocketSaaS marketing partner engaged; new product website at https://tneconnect.app/). Fourway is the proof-point.

3. Audience

  • Fourway's employees and managers — ~150 users.
  • Authentication is via Microsoft SSO (Fourway's own M365 tenant), not local APEX accounts.

4. Hosting & cloud infrastructure

  • Cloud: Oracle Cloud Infrastructure (OCI)
  • Tenancy: EIDOSDev1
  • Compartment: FOURWAY
  • Server: E4 — Fourway TnE Free ADB — instance name APEX2
  • Reverse proxy (vanity URLs): Caddy on E1
  • Customer-facing routing: fourway.tneconnect.app is fronted by E2 Traefik (apex DNS direct to E2)
  • Environments: prod and pre-prod schemas both exist in the same ADB, separate APEX workspaces

Infrastructure map

| Item | Value | Notes |
|---|---|---|
| Customer-facing URL | fourway.tneconnect.app | DNS direct to E2 Dokploy/Traefik (not via E1 Caddy) |
| APEX builder vanity URL | apex2.projecteidos.com | E1 Caddy → ADB direct URL |
| APEX builder direct URL | https://G8EE0CCE1DAD263-APEX2.adb.uk-london-1.oraclecloudapps.com/ords/apex | publicly reachable |
| ADB instance name | APEX2 | |
| ADB OCID | ocid1.autonomousdatabase.oc1.uk-london-1.anwgiljrbm2l2oia66geugajrnorcejhcdzt6pjdsmwzg52jsizhbfhsowza | |
| ADB tier | Always Free | |
| ADB workload | APEX | |
| Auto-pause after 7 days idle | yes (Free Tier) | with 150 users this is unlikely to fire, but no keep-alive heartbeat configured |
| Oracle DB version | 19c — Oracle has requested migration to 26ai (KI-036) | major-version migration pending without restorable backup |
| Backup retention | 60 days Oracle automated | NOT restorable on Free Tier |
| Cross-region DR | none (single-region uk-london-1) | |
| Schemas in this ADB | FOURWAY-PROD (live), PREPROD (test) | both in same ADB |
| Region | uk-london-1 | |

Credentials in Vault

| Secret type | Vault location |
|---|---|
| Non-OCI creds (Azure SSO, email, OTP) | fourway_kv/ — Fourway-specific mount |
| ADB-level credentials (APEX2 ATP) | kv_pe/APEX2-ATP |
| Fourway prod schema | kv_pe/APEX2-ATP-FOURWAY-PROD |
| Pre-prod schema | kv_pe/APEX2-ATP-PREPROD |

Mount convention emerging across the estate: kv_pe/ for our internal/PE-side OCI credentials; per-customer mounts (fourway_kv/, ur/) for customer-specific application credentials.
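
The mount convention above maps directly onto least-privilege Vault policies. The following is an added example, not the estate's actual policies: it assumes both mounts are KV version 2, and the three policy names are hypothetical.

```hcl
# Added example, not the estate's real policies. Assumes KV v2 mounts, where
# secret data lives under <mount>/data/ and listing under <mount>/metadata/.
# Each policy below would be written to Vault as its own policy file.

# ---- Policy "fourway-app" (hypothetical name) ----
# TnE Connect runtime for the Fourway tenant: read-only on Fourway's
# application secrets (Azure SSO, email, OTP) and nothing else.
path "fourway_kv/data/*" {
  capabilities = ["read"]
}

path "fourway_kv/metadata/*" {
  capabilities = ["list"]
}

# Explicit deny on the internal mount. Deny overrides every other capability,
# so another policy attached to the same token cannot grant kv_pe/ access.
path "kv_pe/*" {
  capabilities = ["deny"]
}

# ---- Policy "apex2-dba" (hypothetical name) ----
# ADB administrators: the three APEX2 paths from the table, named one by one
# rather than with a glob so a future secret is never covered by accident.
path "kv_pe/data/APEX2-ATP" {
  capabilities = ["read"]
}

path "kv_pe/data/APEX2-ATP-FOURWAY-PROD" {
  capabilities = ["read"]
}

path "kv_pe/data/APEX2-ATP-PREPROD" {
  capabilities = ["read"]
}

# ---- Policy "apex2-preprod" (hypothetical name) ----
# Pre-prod work only: prod and pre-prod share one ADB, so the Vault policy is
# where the prod schema credential is kept out of reach of test tooling.
path "kv_pe/data/APEX2-ATP-PREPROD" {
  capabilities = ["read"]
}
```

If the mounts are KV version 1, the `data/` and `metadata/` segments do not apply and the paths are written directly under the mount.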

5. Technology behind it

  • Type: custom-built Oracle APEX application (the TnE Connect product)
  • Platform: Oracle Autonomous Database (Free Tier) + APEX runtime + ORDS
  • Source repo: bitbucket.org/448_global/workforce.git (currently on Bitbucket — not on our self-hosted GitLab; planned migration tracked under KI-034)
  • Different from Parallax: separately developed over years by a different team with a different dev culture
  • Auth model: Microsoft SSO via Azure AD seeded into APEX authentication scheme (not local APEX accounts as Parallax uses)
  • Custom data model: workforce-specific schema with employee, timesheet, scheduling, and access-control entities

Dev / CD workflow (notably more mature than Parallax)

```mermaid
graph LR
    JIRA[JIRA ticket] --> Branch[auto branch creation in repo]
    Branch --> CoderWS[auto Coder workspace<br/>+ APEX workspace<br/>+ seed data]
    CoderWS --> Dev[Developer codes]
    Dev --> AI[AI-based code review]
    AI --> PR[auto PR created]
    PR --> Manual[Manual review + accept]
    Manual --> Extract[Manual: extract from git,<br/>zip, upload to prod]
```

The manual deploy step at the end is the equivalent of Parallax's KI-032 — even though the upstream pipeline is automated, the production push is still a human-driven extract/zip/upload. Promotable to a true CD step in Phase 2.

6. Data it handles

Heavy PII — this is the highest-PII surface in the customer-facing estate:

| Data class | Present? | Notes |
|---|---|---|
| Personal data (PII) | yes — heavy | Employee names, contact details, IDs |
| Workforce data | yes | Hours worked, timesheets, schedules |
| Access-control records | yes | who can see what (manager hierarchy) |
| Authentication secrets | mixed | passwords federated to M365; OTP and other secrets in fourway_kv/ |
| Financial / payment data | [CONFIRM] | does TnE Connect calculate or store payroll data? |

GDPR + UK DPA scope: because of the PII volume, this app is firmly within scope. We owe Fourway the ability to honour data-subject access / deletion requests. Coordination with their HR/legal needed for the DPA.

7. External dependencies

  • OCI EIDOSDev1 tenancy availability
  • E1 Caddy (vanity URLs)
  • E2 Dokploy/Traefik (customer-facing apex routing)
  • Bitbucket for source code (KI-034)
  • Microsoft Azure (Entra) — two App Registrations in Fourway's own M365 tenant, both managed by Fourway's tenant administrator:
      • OIDC SSO for end-user sign-in into the TnE Connect APEX app. Client ID + secret should live in Vault under fourway_kv/.
      • Microsoft Graph (delegated permissions) for the leave-application calendar integration — when a Fourway staff member submits a leave request inside TnE Connect, the app reads / writes the corresponding Outlook calendar event in Fourway's M365.
  • Vault on O1 for secrets (recovered post KI-033)
  • Oracle Email Delivery (shared kv_pe/OCI-SMTP) for transactional email

8. Authentication & access

  • End-user login: Microsoft SSO via Azure AD (Fourway's own M365 tenant). Authentication scheme is seeded in APEX with Microsoft federation. MFA inherited from M365 if Fourway enforces it on their side.
  • APEX workspace admin (developers): Vishnu, Bradley [CONFIRM]
  • ADB ADMIN: Vishnu, Bradley
  • MFA on workspace / ADB admin: not enforced (KI-031) — same gap as Parallax
  • Access management for end users: [INFO NEEDED] — likely a custom user-management page in the app, similar pattern to Parallax's ur_users table
  • Bug / access requests from Fourway: same JIRA-via-n8n pattern as Parallax — UI button → n8n workflow → JIRA ticket

9. Maturity assessment

| Dimension | Status | Evidence |
|---|---|---|
| Backups | Hobby | Oracle 60-day retention but not restorable on Free Tier. No off-host export. Major gap. |
| Restore tested | Hobby | Not possible on Free Tier (RM-001 addresses this). |
| Monitoring | Hobby | No Beszel; OCI built-in metrics not actively reviewed. |
| Alerting | Hobby | None configured. Auto-pause events go unalerted. |
| Redundancy | Hobby | Free Tier ADB; no cross-region; no read-replica. |
| Patching cadence | Professional (Oracle-managed) | Autonomous DB advantage. |
| Deploy process | Trial | Sophisticated upstream CI/CD (auto-branch, AI review, PR), but manual extract/zip/upload at the end. |
| Source-control | Trial | Robust Git workflow, but on Bitbucket (not consolidated to GitLab). |
| Environment isolation | Trial | Pre-prod schema exists in same ADB as prod (better than Parallax which has none). |
| Auth | Trial | M365 SSO (good) but no MFA on admin layer. |
| Secrets handling | Trial | App-level secrets in Vault. ADB-level credentials in Vault. |
| Documentation | | this doc |

Overall maturity: trial — the dev/source-control side is more mature than Parallax, but the runtime infra (Free Tier, no DR, no monitoring, no off-host backup) is the same hobby-grade posture for a paying customer.

10. Known risks & vulnerabilities

  • Free Tier ADB serving paying customer (KI-019) — backups exist but can't be restored. A corruption event = unrecoverable data loss for 150 users.
  • No MFA on admin layer (KI-031) — workspace admin and ADB ADMIN credentials are single-factor; full app-data access if any one is phished.
  • Heavy PII on a Free Tier system (KI-035) — the data sensitivity warrants paid-tier infra and proper DR.
  • Oracle 19c → 26ai migration pending (KI-036) — Oracle is asking us to schedule the upgrade. Without a restorable backup on the Free Tier, a botched major-version migration is unrecoverable. Strongly couples with RM-001: upgrade to paid tier before attempting the version migration so we have rollback capability.
  • Source on Bitbucket not GitLab (KI-034) — third-party dependency, vendor lock, and the Bitbucket account is on Vishnu's personal username (bus factor).
  • Auto-pause after 7 days idle (KI-006) — unlikely to bite at 150 active users, but no keep-alive heartbeat is configured to guarantee it never fires.
  • No external uptime monitor — outages found by user complaint (RM-038 will fix).
  • Manual final deploy step — sophisticated CI/CD upstream but no automated push to prod ADB.
  • Direct ORDS URL is publicly reachable (KI-011) — same exposure as Parallax.

Planned SaaS-hardening for the TnE Connect product family (covers this tenant):

  • RM-043 — formal VAPT engagement before the SaaS go-to-market matures further. Both Fourway and Eidos tenants in scope; report shareable with prospective enterprise customers under NDA.

11. Impact if it goes down

  • 150 Fourway employees blocked from timesheet / scheduling functions.
  • Paying customer escalates; reputational damage to the SaaS launch (RocketSaas-marketed go-to-market).
  • Possible contractual / commercial pressure though no formal SLA penalty.
  • Data-loss event would be unrecoverable on the current Free Tier — that's the worst-case scenario.

12. Owner & on-call

  • Primary owner: [INFO NEEDED] (TnE Connect product team)
  • DBA: Bradley Leggett
  • Cloud admin: Vishnu Kant
  • On-call channel: [INFO NEEDED] (formal channel TBD)
  • Recovery runbook: TBD (RB-005 candidate — "Fourway tenant data corruption / loss")
  • Customer-facing URL: https://fourway.tneconnect.app
  • APEX builder vanity URL: https://apex2.projecteidos.com
  • APEX builder direct URL: https://G8EE0CCE1DAD263-APEX2.adb.uk-london-1.oraclecloudapps.com/ords/apex
  • Source repo: https://bitbucket.org/448_global/workforce.git (Bitbucket)
  • OCI tenancy: EIDOSDev1, compartment FOURWAY
  • ADB instance: APEX2 (OCID ocid1.autonomousdatabase.oc1.uk-london-1.anwgiljrbm2l2oia66geugajrnorcejhcdzt6pjdsmwzg52jsizhbfhsowza)
  • Vault paths: fourway_kv/ (Fourway-specific) + kv_pe/APEX2-ATP-* (ADB credentials)
  • Sister tenant: TnE Connect — Eidos Global tenant
  • Marketing site: TnE Connect WordPress — currently fronted by RocketSaas marketing partner
  • Customer-relationship CRM: CRM TnE Connect
  • Domain: see domains.md